NISD2.eu

Platform Features

Everything you need for NIS2/BSIG compliance - structured, auditable, and built to last.

Built with IT-Security Law Firms

§§ 28–30 BSIG

Every requirement, form field, and compliance workflow was developed in collaboration with German IT-security law firms specializing in BSIG and NIS2.

10 Measures

This is not a generic checklist tool. The legal structure of each requirement reflects the actual text of the BSIG, mapped to the 10 mandatory measures of Section 30 and the entity categories defined in Sections 28-29.

Traceable

Legal accuracy is the foundation - every field, option, and validation rule traces back to a specific statutory obligation.

Management Liability Protection
§ 38 BSIG
Section 38 BSIG makes management personally liable for cybersecurity compliance. Three duties apply: approval, oversight, and training. These cannot be delegated away.
NISD2.eu structures compliance so that management can demonstrate they fulfilled all three duties. Every approval is logged with timestamp and user identity, creating the evidence trail that Section 38 demands.

If the BSI audits your company, you need proof that management approved measures, oversaw implementation, and completed training. This platform generates that proof as a byproduct of normal use.

132 Structured BSIG Requirements
The 10 mandatory measures of Section 30 BSIG are broken down into 132 concrete, actionable requirements - each with its own structured form.

132 Requirements / 10 § 30 Measures / AI-Assisted Prefill

Every requirement is a form. Every form field maps to a specific compliance obligation. Fill in the form, and you have documented your compliance. No ambiguity, no guesswork.

Forms support text, selections, multi-select, dates, and file uploads for evidence. AI-assisted prefill helps you draft responses based on your company profile, then you refine and approve.

Deadline Tracking & Escalation
NIS2 compliance is not a one-time project. BSI registration, incident reporting cascades (24h / 72h / 1 month), KRITIS audit cycles, and training renewals all have hard deadlines with real penalties.
10 Phases

The platform tracks every deadline across your compliance lifecycle. Notifications escalate through 10 phases - from early reminders to critical alerts - so nothing falls through the cracks.

Granular

Granular permissions control who gets notified for what. Assign responsibility per requirement, per module, per team member. The right person gets the right alert at the right time.

13 Operational Security Modules

Beyond the core compliance forms, NISD2.eu includes 13 operational modules that mirror the ongoing security operations the BSIG requires:

1. Asset Management - inventory of all critical systems and infrastructure
2. Risk Register - structured risk assessments with likelihood and impact scoring
3. Incident Management - detection, response, and BSI reporting workflows
4. Supplier Management - supply chain security assessments and monitoring
5. Policy Management - document lifecycle for security policies
6. Training Records - track mandatory cybersecurity training per employee
7. Access Control - role-based access management and reviews
8. Cryptography Register - encryption usage and key management records
9. Business Continuity - disaster recovery plans and test documentation
10. Vulnerability Management - tracking and remediation workflows
11. Network Security - architecture documentation and segmentation records
12. Security Monitoring - log management and detection system records
13. Secured Communications - MFA deployment and secure channel documentation

Each module is purpose-built for NIS2 - not adapted from a generic GRC template. Data flows between modules: an asset referenced in a risk assessment links to the same asset in your incident report.

Permanent Audit Trail & Long-Term Data
SHA-256
Every action in the platform is logged: who changed what, when, and what the previous value was. Every entry is checksummed (SHA-256) for tamper evidence.

Export Anytime

All compliance data lives in structured forms that can be exported at any time - for BSI audits, internal reviews, or legal proceedings. The complete history of your compliance posture is always available.

Data Stays Forever

Compliance only grows. New requirements get added, regulations evolve, your company changes. NISD2.eu is built on a first-principles data architecture: your compliance data stays here permanently. You never re-enter data. When regulations update, your existing documentation carries forward - you only fill in what changed.

This is not a spreadsheet you lose or a consultant's report that sits on a shelf. It is a living, versioned, auditable record of everything your company has done for NIS2 compliance - from day one, forever.